hive-issues mailing list archives

From "ASF GitHub Bot (Jira)" <j...@apache.org>
Subject [jira] [Work logged] (HIVE-23715) Fix zookeeper ssl keystore password handling issues
Date Thu, 18 Jun 2020 08:59:00 GMT

     [ https://issues.apache.org/jira/browse/HIVE-23715?focusedWorklogId=447702&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-447702 ]

ASF GitHub Bot logged work on HIVE-23715:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Jun/20 08:58
            Start Date: 18/Jun/20 08:58
    Worklog Time Spent: 10m 
      Work Description: pvargacl commented on a change in pull request #1141:
URL: https://github.com/apache/hive/pull/1141#discussion_r442074285



##########
File path: standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/ZooKeeperTokenStore.java
##########
@@ -479,26 +482,50 @@ public void init(Object hmsHandler, HadoopThriftAuthBridge.Server.ServerMode
sMo
         conf.get(MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR, null);
     if (zkConnectString == null || zkConnectString.trim().isEmpty()) {
       // try alternate config param
-      zkConnectString =
-          conf.get(
-              MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR_ALTERNATE,
-              null);
+      zkConnectString = conf.get(MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR_ALTERNATE,
null);
       if (zkConnectString == null || zkConnectString.trim().isEmpty()) {
-        throw new IllegalArgumentException("Zookeeper connect string has to be specified
through "
-            + "either " + MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR
-            + " or "
-            + MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR_ALTERNATE
-            + WHEN_ZK_DSTORE_MSG);
+        throw new IllegalArgumentException("Zookeeper connect string has to be specified
through " + "either "
+            + MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR + " or
"
+            + MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR_ALTERNATE
+ WHEN_ZK_DSTORE_MSG);
+      }
+      // If we use the alternate zk config (the global one)
+      // we should also use the related properties from the global config
+      zkConnectPort = MetastoreConf.getVar(conf, MetastoreConf.ConfVars.THRIFT_ZOOKEEPER_CLIENT_PORT);
+      connectTimeoutMillis = (int) MetastoreConf
+          .getTimeVar(conf, MetastoreConf.ConfVars.THRIFT_ZOOKEEPER_CONNECTION_TIMEOUT, TimeUnit.MILLISECONDS);
+      sslEnabled = MetastoreConf.getBoolVar(conf, MetastoreConf.ConfVars.THRIFT_ZOOKEEPER_SSL_ENABLE);
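
Review bot: the `(int)` cast in the added `connectTimeoutMillis` assignment narrows the value returned by `MetastoreConf.getTimeVar(...)` without a range check, so an oversized THRIFT_ZOOKEEPER_CONNECTION_TIMEOUT would silently wrap to a wrong or negative timeout; `Math.toIntExact(...)` or an explicit bounds check would fail loudly instead. In the same added block, `sslEnabled` is now taken from the global config whenever the alternate connect string is used, but the visible lines do not show where the keystore and truststore locations and passwords come from on this path; they should be read from that same global source, and only when `sslEnabled` is true, so the two config scopes are never mixed. As a smaller point, the rewrapped exception message joins two adjacent literals (`"... through " + "either "`) that could be a single string, and keeping pure reformatting out of a change that touches SSL settings would make the behavioural part easier to review.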

Review comment:
       That else is for the previous if statement.
   
   if (we use the alternate config)
     read the alternate sslEnabled
     if (that property is set)
       read the other properties from the alternate config
   else // we use the delegation's own config
     read the delegation sslEnabled config
     if (that property is set)
       read the other properties from the delegation config




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 447702)
    Time Spent: 1h  (was: 50m)

> Fix zookeeper ssl keystore password handling issues
> ---------------------------------------------------
>
>                 Key: HIVE-23715
>                 URL: https://issues.apache.org/jira/browse/HIVE-23715
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Peter Varga
>            Assignee: Peter Varga
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> In HIVE-23045 Zookeeper SSL communication support was introduced, but the password config for the keystore and truststore is not handled correctly if they are stored in jceks.
> Also the ZooKeeperTokenStore is not handling well the fallback to the global zookeeper configurations.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
